[j-nsp] small multitenant datacenter

Benny Amorsen benny+usenet at amorsen.dk
Sun Dec 2 17:11:19 EST 2012


Ryan Goldberg <RGoldberg at compudyne.net> writes:

> So, to the actual questions. I've got a design that basically does a
> routing-instance per customer, and stuffs the customer's servers into
> one vlan, default GWing to a VRRP address on RVIs handled by a pair of
> ex4200 virt-chassis, and then uses another vlan/RVI "northbound" on
> the ex4200 virt-chassis to talk to L3 address on NAT boxes (SRX),
> DMVPN boxes (cisco x8xx), and MPLS boxes (MX80s). All those L3
> addresses are in customer-specific routing-instance (or, VRF on cisco)
> and there's a per-customer ospf instance keeping things knitted
> together.
>
> A diagram is perhaps useful: https://www.dropbox.com/s/69hbtzgqomnre5m/simplified%20flow%20diagram.pdf

That design is somewhat similar to one that I am familiar with; it all
looks sane.

The one challenge above any other has been handling private IP
addresses. Especially because there was the additional requirement that
it must be possible for monitoring servers to reach the hosted customer
equipment and the CPEs.

Will your design hit any problems if a customer already uses 10.144.x?

In a green-field deployment today I would move all the "special" traffic
to IPv6 and only care about public IP addresses in IPv4. The MPLS would
still move customer traffic with IPv4 private IPs and the hosted servers
and firewalls would still have private IPv4 addresses, but all
monitoring traffic would be IPv6.

One thing was different in the design: The equivalents of your VLANs
2000-2999 and 3000-3999 are carried inside q-in-q, to make it possible
to eventually grow beyond 4000 customers and to ensure that overlap
between customer VLANs and other VLANs would not cause problems.


/Benny
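The "what if a customer already uses 10.144.x" question above is cheap to answer mechanically before a customer is provisioned. The script below is an added example, not code from the thread or from either poster: it checks each customer's private prefixes against the provider-side prefixes that monitoring has to reach inside every routing-instance, and flags the customers for which in-band IPv4 monitoring would be ambiguous. All prefix values are constructed for illustration; the 10.144.0.0/16 "monitoring" range and the names of the other ranges are assumptions, not anything stated in the thread.

```python
"""Overlap check between customer RFC1918 space and provider infrastructure
prefixes (added example; prefixes below are constructed, not from the thread)."""
import ipaddress
from typing import Dict, List, Tuple

# Constructed: provider-side prefixes that monitoring servers must reach
# from inside every customer routing-instance. The IPv6 entry stands in for
# the "move special traffic to IPv6" option; it can never collide with a
# customer's IPv4 space.
INFRA_PREFIXES = {
    "monitoring-v4": ipaddress.ip_network("10.144.0.0/16"),
    "northbound-v4": ipaddress.ip_network("10.145.0.0/16"),
    "monitoring-v6": ipaddress.ip_network("2001:db8:144::/48"),
}

# Constructed: per-customer prefixes as they would appear in each VRF.
CUSTOMER_PREFIXES = {
    "cust-2001": ["192.168.10.0/24", "10.10.0.0/16"],
    "cust-2002": ["10.144.5.0/24", "172.16.0.0/12"],  # sits inside monitoring-v4
    "cust-2003": ["10.0.0.0/8"],                       # contains both v4 infra ranges
}


def find_overlaps(infra: Dict[str, ipaddress._BaseNetwork],
                  customers: Dict[str, List[str]]) -> List[Tuple[str, str, str]]:
    """Return (customer, customer_prefix, infra_name) for every collision.

    ip_network.overlaps() is symmetric, so a customer /8 that contains an
    infra /16 is reported just like a customer /24 that sits inside it.
    Prefixes of different IP versions are skipped rather than compared."""
    hits: List[Tuple[str, str, str]] = []
    for cust, prefixes in customers.items():
        for prefix in prefixes:
            net = ipaddress.ip_network(prefix, strict=False)
            for name, infra_net in infra.items():
                if net.version == infra_net.version and net.overlaps(infra_net):
                    hits.append((cust, str(net), name))
    return hits


def monitoring_plan(infra: Dict[str, ipaddress._BaseNetwork],
                    customers: Dict[str, List[str]]) -> Dict[str, str]:
    """Per customer: 'ipv4' if the infrastructure prefixes are unambiguous
    inside that customer's VRF, otherwise 'ipv6' (the green-field approach
    from the message: keep monitoring off the customer's IPv4 space)."""
    colliding = {cust for cust, _, _ in find_overlaps(infra, customers)}
    return {cust: ("ipv6" if cust in colliding else "ipv4") for cust in customers}


if __name__ == "__main__":
    for cust, prefix, name in find_overlaps(INFRA_PREFIXES, CUSTOMER_PREFIXES):
        print(f"{cust}: {prefix} overlaps infra {name}")
    for cust, plan in monitoring_plan(INFRA_PREFIXES, CUSTOMER_PREFIXES).items():
        print(f"{cust}: monitor over {plan}")
```

Run it against the real per-customer prefix lists pulled from IPAM or from the routing-instance configs; any customer reported by find_overlaps() is one where a 10.144.x monitoring source would be routed to the customer's own subnet rather than back to the provider.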


